We’re rapidly approaching the tail-end of 2024 – whether you’re reflecting on what an adventure it’s been or simply glad it’s (almost) over, it’s a great time to make some resolutions for 2025.
I’m not talking about walking miles daily or cutting out chocolate (though if you are, you got this). Cybersecurity resolutions are just as important, even if they’re small and simple, and can go a long way to protecting your overall digital privacy.
Keep reading, and I’ll walk you through the top cybersecurity habits you should pick up in time for 2025. Adopting even one of these tips is better than none – and your online security will thank you.
1. Think before clicking
Okay, you’ve probably heard this advice a million times before, but it bears repeating. Some links are plain dodgy – whether you come across them in an email, text message, or on your social media feed.
Often, these links are part of social engineering campaigns like phishing scams and rely on a human behind the screen to make an error in judgment and click something they shouldn’t. It’s why they’re so effective. After all, it’s much easier to catch a human unaware or on a bad day than to fool a security system.
Research from Verizon’s 2023 Data Breach Investigation claims that a whopping 74% of all data breaches included some sort of human interaction.
Phishing, unfortunately, remains as prevalent a threat as ever. Typically, a phishing campaign involves a bad actor cooking up an email or SMS message that pushes the recipient to fork over personal data. They pretend to be trustworthy sources and include a link – but it’ll be a bogus one designed to capture your logins, financial info, or other personal details.
While phishing is hardly a new threat, it is getting more sophisticated thanks to generative AI. Research conducted by LastPass found that 95% of businesses agreed that, in 2023, phishing attempts had become more sophisticated, using more dynamic and tailored content to get those all-important clicks on their malicious links.
Luckily, even though generative AI is getting better at duping us, there are a few simple things to look for whenever you receive one of these suspicious emails or texts that can help you determine whether a link is safe or not.
- Use a search engine to look up the site or service rather than following a suspect link. Make sure you avoid clicking on ads listed in the results, too.
- Check out a free link checker (like NordVPN’s Link Checker). Just punch in the URL and it’ll tell you whether it’s safe to follow it – or if it’s better off avoided. This is especially useful for shortened URLs.
- Look for errors in the URL itself. Is anything spelled wrong? (Instagran.com instead of Instagram.com – unless you’re on the hunt for on-demand grannies). Is the domain incorrect? Any of these can be giveaway signs of a malicious site.
- Hover over the URL (without clicking), as sometimes a bad actor can hide the real URL inside the link, which can look innocent enough on the outside.
2. Don’t assume that you won’t be impacted by cyberattacks
This is something I come across a lot. People think that because they’re not getting up to no good online, or because they’re an average person doing average internet things, their data won’t interest bad actors.
Unfortunately, today’s cybercriminals don’t discriminate, and anyone with an online presence can be caught in their web.
One of the best, quickest, and most secure solutions to everyday threats is to use multi-factor authentication (MFA). It’s called two-factor authentication sometimes, too (2FA).
Multi-factor authentication is a quick and easy way to boost your account security
Essentially, it introduces another layer of verification to the login process of a particular app or site. You’ll need to input a code, in addition to the usual email and password combo, when logging in – and the code will be delivered to you (and only you) via SMS.
This makes it much harder for would-be hackers to access your accounts (with the likes of a brute force attack) as, even if they have your email and password from a data leak, they won’t have the necessary code to log in and cause havoc.
So yes, while MFA adds an extra step to your login process which can be slightly annoying, losing access to your social media accounts or online banking because a cybercriminal has brute forced their way inside is far more infuriating, trust me.
3. Don’t ignore those updates
You unlock your phone and a handy little pop-up reminds you that you have updates pending. It’s tempting to tap that “Remind me later” button – but hold fire. These regular updates are a critical part of your device’s security.
Updates like these often contain patches and solutions to known vulnerabilities, breaches, and cutting-edge attacks that could lead to huge data losses if left unaddressed. They also contain:
- Solutions to loopholes that attackers might otherwise exploit
- New features - that could include security-boosting measures
- Bug fixes
- Quality-of-life improvements
Basically, it’s a win/win.
A good rule of thumb is to keep on top of updates, remove any apps you don’t use regularly, and ensure that your PC or laptop’s operating system is up to date, too.
4. Back it up
Think of all the digital valuables on your devices - pictures, videos, music, work files, password details, and financial information. All of it can be lost in a ransomware attack, for example, and it’s hard to recover it once it’s lost in the digital ether. That’s why it’s well worth picking up an external hard drive to store copies on.
That way, if you are caught up in a ransomware attack, you won’t have to worry about the bad actor behind the threat deleting all of your most prized cyber possessions.
With your files securely backed up elsewhere, you’ll also be covered in the event of a human error disaster – and hey, these things happen. If you happen to delete a folder permanently or make an irreversible change to an important file, there’ll be no need to panic. Copies of your originals will be safe, sound, and ready to re-download on your external hard drive.
5. Invest in a secure VPN
Generally speaking, the internet isn’t always a safe place to be - and that’s because data is big business these days. Hackers are hungry for your personal details and aren’t above tracking your online movements to get what they want.
Fortunately, today's best VPNs put a stop to this snooping, making it a whole lot harder for third parties to keep tabs on you as you do your thing.
Whether it’s a cybercriminal, your internet service provider (ISP), or even your government, VPN encryption ensures your data is unreadable as it leaves your device and heads to the site you punched into Google.
Wondering which VPNs really, seriously have your digital privacy in mind? Head on over to our guide to today’s best secure VPNs.
A VPN won’t make you totally anonymous online (if only it were that simple), but it adds an extra layer of privacy to your activity to give you peace of mind. For instance, you’ll be assigned a new (temporary) IP address when you connect to a VPN server, which means anyone trying to connect your activity to you will see the VPN’s IP address and not yours.
This is just the tip of the iceberg when it comes to the perks of using a VPN, however. Pick up a plan, and you’ll also be able to:
- Unblock geo-restricted streaming content – like US Netflix
- Bypass government-imposed restrictions on content, sites, news outlets and more
- Ensure your P2P downloads are as safe and secure as they can be
- Prevent ISP throttling – which could otherwise impact your streaming or gaming sessions
- Pick up region-specific deals on big-ticket items, games, and more, and even avoid cookie-based price hijacking
